1 

2 
3 

5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 



In the Claims 

Claims 1-21 and 26 were previously cancelled. 

Claims 22-25 and 27-3 1 remain in the application and are listed below. 
1-21. (Canceled). 

22. (Previously Presented) A system for securing data communication 
between an internet computer network and an external computer network, 
comprising: 

a client located in the internal computer network; 

a server located in the external computer network and in communication 
with the client; and 

an application-level gateway proxy device comprising: 

components for (1) performing, at a packet level, a network address 
translation upon a stream of packets originating from the client and (2) filtering, at 
a stream level, the stream of packets and transmitting the packets to the server, 
wherein the filtering is transparent to the client; and 

a communications socket internal to the application-level gateway 
proxy device and communicatively connected to the components for (1) 
performing the network address translation and (2) filtering. 

23. (Previously Presented) The system of claim 22, wherein the 
components of the proxy device comprise: 
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a first component for filtering said stream of packets, and also for filtering, 
at a stream level and transparent to the client, a second stream of packets 
originating fi"om the server; and 

a second component for performing said network address translation, and 
also for performing, at a packet level, a reverse network address translation with 
respect to the packets in the second stream and transmitting the packets in the 
second stream to the client. 

24. (Previously Presented) An application-level gateway proxy device, 
comprising: 

a component for performing, at a packet level, a network address translation 
with respect to a stream of packets originating from a client in an internal network, 
wherein the client is communicating the stream of packets to a server located in an 
external network; 

a component for filtering, at a stream level, the stream of packets, wherein 
the filtering is transparent to the client; 

a communication socket internal to the application-level gateway proxy 
device and conununicatively connected to: 

the component for performing the network address translation; and 
the component for filtering; and 
a component for transmitting the packets to the server after the packets are 
filtered. 

25. (Previously Presented) The proxy device of claim 24, fiirther 
comprising: 
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a component for filtering, at a stream level and transparently to the client, a 
second stream of packets originating from the server; 

a component for performing, at a packet level, a reverse network address 
translation upon the packet in the second stream; and 

a component for transmitting the packet in the second stream to the client. 

26. (Canceled). 

27. (Previously Presented) The method of claim 24, wherein filtering the 
stream of packets comprises transforming the stream. 

28. (Previously Presented) The method of claim 24, wherein filtering the 
stream of packets comprises compressing the stream. 

29. (Previously Presented) The method of claim 24, wherein filtering 
comprises content monitoring, content restriction, stream transformation, traffic 
redirection and combinations thereof. 

30. (Previously Presented) A computer-implemented method for 
communication between a first network and a second network comprising: 

intercepting, at a first external socket of a proxy network address translation 
device, a stream of packets; 

performing, at a first internal component of the proxy network address 
translation device, a network address translation upon the stream of packets, the 
network address translation occurring at a packet level; 
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transmitting, from the first internal component of the proxy network 
address translation device, the translated stream of packets; 

filtering, at the second internal component of the proxy network address 
translation device, the translated stream of packets, the filtering occurring at a 
stream level; and 

transmitting, from the second external socket of the proxy network address 
franslation device, the translated and filtered stream of packets. 

31. (Previously Presented) The method of claim 30, wherein transmitting 
from the first internal component of the proxy network address translation device 
to the second internal component of the proxy network address translation device 
comprises transmitting the translated sfream of packets through an internal socket 
of the proxy network address translation service. 



5 



OS3a06!2S7 O:\DOCS\MSl \2SS! USU14774.DOC 



